CyberSecurity Industry News

A source to keep yourself updated on the CyberSecurity industry. Read, learn, and be up to date.

Whoever is interested in helping me in this way, please share news!

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,” - Boris Sharov

Being online is kind of an essential thing for the present time. We all are communicating with people all around the world and draw information from various sources. Literally said, if you're not online, it's like you're not living.

Unfortunately, not all of us are granted perfect eyesight. But these people also want to be online. And secured against all threats which are also an inextricable part of today's online world. And because TrustPort is known not only for the really reliable security software but also for being the innovative developing company, it's not a coincidence that TrustPort developed the feature enabling partially sighted or blind people to work with its software.

In the newest version of TrustPort products you can find the feature which enables a voice guide for working with our software. Thanks to that, all partially sighted or blind people are able to set up their security software for being safe within the time in the online world. They are also able to run an antivirus check on demand, check for updates, and generally to control the software completely.

We are happy that we have developed such a feature and that we can enable people who don't have or lost such a very important sense to feel normal again.

So, we started with such a kind action from TrustPort, what a kind Company.

Post edited by Mr.Pr: 13 March 2017 - 12:34

Security experts at Palo Alto’s Unit 42 threat research team have discovered a new strain of ransomware targeting companies in the Middle East.

Although it seems to be fairly rudimentary in nature and littered with errors, the ransomware does contain one noteworthy element. Instead of locking files up until a ransom is paid, the victim is coerced into making a political statement on their website. Specifically, victims are forced to, “create a public sub-domain with a name that would appear to advocate and incite violence against a Middle Eastern political leader.”

This element of the ransomware, as well as the known victims, suggests it is a very targeted attack, Palo Alto said. So far it is known to have infected a Middle East government organization, but no further details have been released by Palo Alto.

While politically-motivated cyber-attacks are nothing new (DDoS and network intrusion attacks are often political, for example), Palo Alto researchers say it's the first time they’ve seen this kind of attack using ransomware in this way.

Sources at another security firm confirmed to Infosecurity Magazine that they’ve never seen this kind of ransomware.

Once running on the infected machine, RanRan will display a ransom message that demands the creation of the sub-domain, as well as a .txt file hosted on the sub-domain, along with a message announcing they’ve been hacked and an email address the attacker can use to contact them.

The UK ranks bottom of the league for the security of its code, according to a new report.

The research from software analytics firm Cast studied over one billion lines of code in nearly 2,000 enterprise applications running across 300 enterprises from three continents. Industries included financial services, insurance, telcos, manufacturing, energy, utilities and government departments.

Cast’s Crash Report covered five categories: robustness, security, performance efficiency, changeability and transferability. The majority of applications were written in Java-EE, followed by COBOL and .Net.

While the overall quality of code was considered poor, it’s worrying to see security perform particularly badly. The UK performed worst of all geographies, and the report was particularly critical of the security of code written and deployed in the UK. The US was also criticized, while France came out on top.

Cast said security scores varied significantly across different parameters, and the lowest scores recorded in that category were among the lowest across all the tests it conducted. This means there is a significant amount of insecure code running in the wild, Cast said.

Financial services organizations scored worst in terms of the security of their code, followed by retail and telcos. Given the amount of personal data those companies...

Security researchers have found malware on nearly 40 different Android devices owned by two unnamed companies. While that may sound like a fairly normal occurrence, Check Point’s researchers claim the malware was pre-installed on the devices somewhere along the supply chain.

Check Point did not name the companies involved but said one was a large telecommunications company and the other a multinational technology company.

The malware found was not installed on the device by the users but was in fact already present when the users received them. The malware was not part of the ROM firmware supplied by the vendor. Therefore, Check Point said, malicious apps were added to the devices somewhere along the production line.

In some cases the malware was installed onto the ROM itself using system privileges. Removal of the malware in these cases required a full reinstall of the device.

Among the malware discovered on the devices was the Loki malware, which can be used to display illegitimate advertisements to generate revenue. It can also steal information about the device it’s installed on. Also discovered was the Slocker mobile ransomware. This can encrypt all files on the device and demand payment in exchange for the decryption key.

Bought a brand new Android Smartphone? Do not expect it to be a clean slate.

At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, which are being distributed by two unidentified companies have been found pre-loaded with malware programs.

These malware infected devices were identified after a Check Point malware scan was performed on Android devices. Two malware families were detected on the infected devices: Loki and SLocker.

According to a blog post published Friday by Check Point researchers, these malicious software apps were not part of the official ROM firmware supplied by the smartphone manufacturers but were installed later somewhere along the supply chain, before the handsets arrived at the two companies from the manufacturer's factory...

Yahoo Reveals Third Breach and Strips CEO Marissa Mayer of her Cash Bonus

Yahoo’s porous security defenses, related PR woes, and dwindling street value are headlines yet again, following the company’s recent announcement that intruders used forged cookies to hack 32 million user accounts over the past two years.

Forged cookies allow intruders to access users’ accounts without passwords. After the discovery, Yahoo invalidated those cookies so they cannot be used to access user accounts.

In a Reuters story, the company said some of the latest intrusions can be connected to the “same state-sponsored actor believed to be responsible for the 2014 breach” in which at least 500 million accounts were affected.

“Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies,” Yahoo said in its latest annual filing.

Yahoo said in December that data from more than 1 billion user accounts was compromised in August 2013, making it the largest breach in history.

The company said last week that it would not award its CEO Marissa Mayer a cash bonus for 2016, following the independent committee’s findings related to...

(ISC)² has announced the final speaker agenda for this year’s CyberSecureGov three-day training event.

Themed Educating the Workforce in Cyber, the confab attracts 600+ attendees, bringing together experts from government, academia and industry to address the best practices, principles and technologies that create a culture characterized by a security mindset. The 2016 election, bug bounty and disclosure, Russian operations, purple teaming and cyber literacy are just a few of the topics being addressed when the event kicks off May 9 at the Marriott Wardman Park in Washington, D.C.

As the technology industry races to embrace the internet of things (IoT) and all the benefits it can bring, it has also been quick to warn about the security implications too. There have already been a number of examples of everyday IoT devices, such as security cameras and webcams, being hijacked and used to launch cyber attacks.

Many IoT devices are not built with security in mind, making them easy targets for attackers. The same fear is spreading to the Industrial Internet of Things (IIoT), connected devices used in the energy, utilities, government, healthcare and finance sectors. The potential security flaws here are much more severe, as a successful attack on an IIoT set-up could result in power grids going offline or transport systems shutting down.

It’s something that is worrying IT workers. Research from TripWire found that 96% of IT workers who have responsibility for digital security as a significant part of their job expect to see an increase in attacks on IIoT infrastructure.

The majority of respondents (64%) acknowledged the need for their organizations to defend themselves from IIoT attacks. Despite this, over half (51%) of the respondents admitted they were not prepared for any kind of malicious attack that uses IIoT elements.

The expectation is that things will only get worse. Nearly all respondents (90%) said they expect their organization to increase IIoT deployments, while 94% expect that IIoT usage will increase risks and vulnerabilities for...

2016 brought massive password dumps, resulting from the highly publicized Yahoo and LinkedIn breaches that exposed millions of users’ passwords to the public and for sale on the dark web. Research has revealed that about 35% of the leaked LinkedIn passwords were already known from previous password dictionaries, making them vulnerable to other accounts.

Researchers at behavioral firewall company Preempt took a look at the LinkedIn credentials and also found that 65% of the leaked passwords can be easily cracked with brute force using standard off-the-shelf cracking hardware.

The study also looked at general password intelligence and found that password rules, which many enterprises employ, can allow users to create weak passwords that can easily be cracked—and many individuals use the same password for multiple accounts, signaling a password epidemic amongst organizations and their users.

“One thing is certain, any person that used the same password for Linkedin as they did for their work account (or other account), is currently vulnerable within these other accounts,” said Preempt researcher Eran Cohen, in a blog. “Unfortunately, there are many users that don’t make that connection. Their LinkedIn account was breached, so they just change their LinkedIn password, not realizing that if they are using that same password elsewhere, they are actually exposed in all of those places as well. For IT security teams, this is an unknown vulnerability they have to deal with.”

Overall, the examination showed that low-complexity passwords can be cracked in less than a day, medium-complexity passwords are cracked in less than a week and high-complexity passwords are cracked in less than a month.

No personal info taken after notice of vulnerability forced closure of Statistics Canada and CRA sites last week, officials say

OTTAWA—An online software update revealed that federal taxpayer information was vulnerable and forced the temporary suspension of two government sites last week, but not before Statistics Canada was hacked, officials say.

No personal or commercial information was accessed during the window of vulnerability that forced the Statistics Canada and Canada Revenue Agency websites offline from late Thursday and early Friday until Sunday afternoon, government officials told reporters Monday.

Scott Jones, assistant deputy minister of information technology security with the Communications Security Establishment (CSE), said it is too soon to say who was behind any hacking attempts, and described the successful access of the Statistics Canada site as most likely a “target of convenience — just some random hacker giving it a shot.”

“There were no other compromises to our knowledge, and believe me, we were all over this,” said John Glowacki, chief operating officer for Shared Services Canada, the federal government’s central IT branch.

“We’re confident that we’ve prevented government information, including the personal information of Canadians, from being released.”

The problem was identified last Wednesday at around 10:30 p.m., Glowacki said. It was flagged in the frequent communications the government receives from online security partners around...

Facebook has moved to ban developers from exploiting user data to help create surveillance tools.

The decision appears to be in response to criticism from the American Civil Liberties Union (ACLU) aimed at Facebook and its subsidiary Instagram as well as rival social network Twitter. ACLU claimed that law enforcement organizations were using user data, including location information, to spy on people. Most notably, the ACLU report claimed it was being used to track protesters in Ferguson, Missouri.

Now Facebook has announced an update to its terms and conditions, which apply to Instagram as well, to specifically block developers from using data from Facebook for the purpose of surveillance.

“We are adding language to our Facebook and Instagram platform policies to more clearly explain that developers cannot 'use data obtained from us to provide tools that are used for surveillance.' Our goal is to make our policy explicit,” Rob Sherman, deputy chief privacy officer at Facebook, wrote.

“Over the past several months we have taken enforcement action against developers who created and marketed tools meant for surveillance, in violation of our existing policies; we want to be sure everyone understands the underlying policy and how to comply,” he added.

"We applaud this first step from Facebook," Malkia Cyril, executive director of the Center for Media Justice said in the Telegraph. "When technology companies allow their platforms and...

Thousands of high profile Twitter accounts have been hijacked and used to tweet pro-Turkey messages. Accounts belonging to the BBC, Amnesty International, Unicef, Forbes and more tweeted slogans relating to Turkey’s current diplomatic dispute with Germany and the Netherlands.

Tweets read ‘Nazi Germany, Nazi Holland,’ and contained an image of the Turkish flag and what appeared to be a swastika. Some of the tweets also referenced Turkey’s upcoming referendum, according to the Guardian, where the public will vote on increasing the powers of President Tayyip Erdogan. The tweets also contained a pro-Erdogan YouTube video.

It appears the breach happened after hackers gained access to a third-party Twitter application called Twitter Counter. As well as being used to monitor Tweet activity, Twitter Counter can post to users’ timelines automatically, which appears to be how this hack happened. The hackers would not have had full access to the Twitter accounts, nor would they have accessed passwords or any other sensitive information.

Omer Ginor, Twitter Counter’s CEO, told the Guardian: “We are aware of the situation and have started an investigation into the matter. Before any definite findings, we’ve already taken measures to contain such abuse of our users’ accounts, assuming it is indeed done using our system - both blocking all ability to post tweets using our system and changing our Twitter app key.”

A Twitter spokesperson told SkyNews they had "quickly located the source which was limited to third party app. We removed its permissions immediately. No additional accounts are impacted.”

Researchers have spotted a variant of last year's Petya ransomware, now with updated crypto and ransomware models.

Kaspersky's Anton Ivanov and Fedor Sinitsyn say the attack, which they've dubbed “PetrWrap”, uses the PsExec tool to install ransomware on any endpoint it can access.

Rather than use the original Petya, which was cracked last April, “the group behind PetrWrap created a special module that patches the original Petya ransomware 'on the fly'”, the Kaspersky post states.

The on-the-fly patching is designed to hide the fact that Petya is handling the infection, and PetrWrap uses its own crypto routines.

If the PetrWrap vxers had stuck with Petya's ransomware-as-a-service model, they would need a Petya private key to decrypt victims' data. Their solution is to replace the ECDH implementation with their own crypto, and their own public and private keys.

Cyber-espionage is the top threat facing businesses, ahead of targeted attacks and phishing attempts, according to new research.

Trend Micro’s research covered nearly 2500 organizations across Europe and the UK and found that 64% of businesses had experienced a ‘known’ major cyber-attack in the past 12 months. On average, businesses were hit by four cyber-attacks during that time.

Ransomware proved to be the most common type of incident, with 78% of respondents reporting an attack. Phishing (31%), business email compromise (17%) and cyber-espionage (15%) were other common attacks.

Looking ahead, Trend Micro found that cyber-espionage is the most pressing concern for businesses. That’s likely to be because of the increased coverage of cyber-espionage in the press. In particular, reports of Russian involvement in hacking the US Democratic National Committee (DNC) in order to influence the US presidential election in favor of Donald Trump, as well as concerns over potential Russian involvement in elections in the UK, France and other European nations.

“Could this be a reaction to the wall-to-wall media coverage of alleged state-sponsored interference in the US and upcoming European elections? It’s certainly a growing threat, both in terms of nation state spying and financially motivated cybercrime,” said Raimund Genes, chief technology officer, Trend Micro.

Cyber-espionage was the top concern for 20% of respondents, followed by targeted attacks (17%) and phishing (16%). Ransomware drops to just 10%, which is surprising

Patch Tuesday After taking a month off, Microsoft's Patch Tuesday is back – and it's a blockbuster edition. There are 18 bundles of patches covering 140 separate security vulnerabilities.

These flaws range from a hypervisor escape in Hyper-V, remote-code execution via PDF and Office files and malicious SMB traffic, to the usual barrage of information leaks and privilege escalations.

This follows Microsoft postponing its February Patch Tuesday due to problems within its build system: Microsoft is consolidating more and more of its Windows code – from Server and client to mobile – into one source base, dubbed OneCore. Issuing security patches last month proved problematic enough to delay their distribution, El Reg understands.

An SMB link-of-death bug disclosed before February's Patch Tuesday was patched by a third-party security vendor – and now Redmond has its official patch out, and so sysadmins can get their fix from the horse's mouth.

We've got a full rundown of this month's security fixes – make sure you install them ASAP before miscreants start exploiting them in the wild:

MS17-006 This fixes 12 CVE-listed flaws in Internet Explorer. The bulk deal with memory corruption issues, but the worst would allow a remote code execution attack when an IE user visited a malicious website. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," said Microsoft, which is super bad if the user is an administrator.

MS17-007 Microsoft's other browser, Edge, was supposed to be lighter weight and more secure, but this bundle resolves a whopping 32 vulnerabilities. "The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge," said Redmond. "An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker...

Interview The very software that is supposed to protect your security is an under-appreciated threat to privacy because of the massive amount of data many products secretly gather on customers, according to F-Secure's Jarno Niemelä.

Niemelä also told The Register that despite the dismissive claim in the recent WikiLeaks' release of CIA documents, namely that “F-Secure has generally been a lower tier product that causes us minimal difficulty,” the company is confident it can handle intelligence agencies' espionage efforts.

Speaking to us at this year's IAPP's Europe Data Protection Intensive 2017 in London, Niemelä, who's the lead researcher at F-Secure labs, said his company had not been significantly offended by the mention: “Obviously we have only the leaked notes to go on with, but as far as we can see basically what they're talking about is the gateway product — so basically mail filters.”

Niemelä added “they are products, so anybody can buy them, and anybody with enough time can figure out some kind of mistake there. That's a fact of life, it's software, bugs happen, and then any attacker with enough resources will be able to find a way of bypassing that.”

Such products can handle the lower-level and more common threats that might hit the unwary, but “the more important defence systems are in the end-point itself, so there's the end-point protection systems, EPPs, which can identify that Word has started misbehaving,” which is “much more difficult to bypass,” said Niemelä, “and then we have this premium service, Rapid Detection Service, which basically then is a sensor which sends information to our back-end.”

The big difference with a security service rather than a product, is that the attacker can't see why they've been caught. “The thing is, when you ha...

Russia has denied any involvement in the 2014 hack of internet giant Yahoo, after US authorities charged four people over the incident.

US Department of Justice (DoJ) officials charged two Russian spies and two criminal hackers in relation to the 2014 breach, which exposed around 500 million Yahoo accounts.

According to the BBC, Russian officials have formally denied any involvement in the hack. “As we have said repeatedly, there can be absolutely no question of any official involvement by any Russian agency, including the FSB, in any illegal actions in cyberspace," said spokesman Dmitry Peskov.

Reuters added that Russian officials also said they had received no official word from their American counterparts about the charges. All their information had been taken from media reports, Peskov said.

Two of those charged, Dmitry Dokuchaev and Igor Sushchin, work for the FSB, Russia’s intelligence agency and successor to the KGB. The other two, Karim Baratov and Alexsey Belan, are considered career hackers. Belan is on the FBI’s Cyber Most Wanted list after two previous indictments on hacking charges.

The DoJ’s charges allege that the FSB agents worked closely with Belan and Baratov and passed them information that would help them avoid detection by US authorities. They hacked into Yahoo’s database to target accounts belonging to Russian journalists, Russian and US government officials and employees of a Russian cybersecurity company.

The charges included conspiracy, computer fraud and abuse and economic espionage.

In total around 500 million accounts were compromised. It is further alleged that Belan used this access to steal credit card details and other financial details. It is also claimed that he sold details of 30 million accounts which were subsequently targeted by a spam campaign...

A recently resolved vulnerability in the Linux kernel that had the potential to allow an attacker to gain privilege escalation or cause denial of service went undiscovered for seven years.

Positive Technologies expert, Alexander Popov, found a race condition in the n_hdlc driver that leads to double-freeing of kernel memory. This Linux kernel flaw might be exploited for privilege escalation in the operating system. The (CVE-2017-2636) bug was evaluated as dangerous with a CVSS v3 score of 7.8, towards the higher end of the scale which runs from 1-10.

The vulnerability affects the majority of popular Linux distributions including RHEL 6/7, Fedora, SUSE, Debian, and Ubuntu.

Given the flaw's age, Linux enterprise servers and devices have been vulnerable for some time, however it’s impossible to say if it has been actively exploited...

Intel has launched its first bug bounty program, offering rewards of up to $30,000.

The chip maker has partnered with specialist bug bounty outfit HackerOne to create a scheme that aims to encourage hackers to hunt for flaws in Intel's hardware, firmware and software. Intel will pay up to $30,000 for critical hardware vulnerabilities (less for firmware or software holes). The more severe the impact of the vulnerability and the harder it is to mitigate, the bigger the payout.

Bug bounties have become a familiar part of the infosec ecosystem over recent years, with software vendors such as Google and Microsoft leading the charge. Over time, a greater range of vendors have joined in.

Intel Security (McAfee) products are not in-scope of the Intel bug bounty program. Flaws in third-party products and open-source code are also beyond the compass of the scheme. Intel's web infrastructure has also been excluded...
